Poster: Non-repudiable Secure Logging System for the Web

Abstract

To resolve disputes between servicers providing web services and their users, non-repudiable evidence is crucial because it allows one party to dismiss the denial of facts or false allegations. We propose a logger that securely records web requests and responses in a Trusted Execution Environment (TEE) to generate non-repudiable evidence for web services, which we call LogNEWT: Logger for Non-rEpudiation of Web with TEE. LogNEWT solves security issues in deploying LibSEAL to practical web services, i.e., logger-bypassing, undefined user management, and complex logger verification. In addition, LogNEWT can be transparently deployed to the existing web services.